06/30/2004 15:45 FAX 216 696 8731 AMIN, & TUROCY LLP.



09/741,217 MS160074.01 



AMENDMENTS TO THE CLAIMS

CENTRAL FAX CENTER
JUN 30 2004
OFFICIAL

This listing of claims includes a complete listing of both allowed claims and
amended claims and will replace all prior versions, and listings, of claims in the
application:

Listing of Claims



1. (Currently amended): A system of establishing a secure link among 
multiple users on a single machine with a remote machine, comprising: 

a subsystem to filter traffic so that traffic from each user is separate, the
subsystem comprising an Internet Key Exchange (IKE) module and a policy
module, the IKE module adapted to provide User Mode negotiations in order to
establish a secure link among users;

wherein the subsystem generates and associates a Security Association 
(SA) with at least one filter corresponding to the user and the traffic and employs 
the SA to establish the secure link. 

2. (Original): The system of claim 1 being located on the single machine. 

3. (Original): The system of claim 1 being located on the remote machine. 

4. (Cancelled) 

5. (Currently amended): The system of claim 1 [[4]], wherein the policy
module is configured via Internet Protocol Security (IPSEC). 

6. (Original): The system of claim 5, wherein filters are provided from the policy 
module in order to filter traffic associated with the single machine and the remote 
machine.

7. (Original): The system of claim 6, wherein the single machine filter is
associated with a communications port on the single machine. 

8. (Original): The system of claim 7, wherein the remote machine determines 
filters dynamically to communicate with the filters associated with the single machine. 

9. (Cancelled) 

10. (Currently amended): The system of claim 1 [[9]], wherein the User Mode
negotiations utilize keying material derived from Main Mode negotiations in order to
provide the secure link among users.

11. (Original): The system of claim 10, wherein the User Mode enables a plurality
of Quick Mode negotiations in order to provide the secure link among users.

12. (Original): The system of claim 11, wherein the User Mode negotiation
further comprises an initiator packet including at least one of a user identification
initiator, a security association attribute, a nonce initiator, a proxy source, and a proxy
destination.

13. (Original): The system of claim 12, wherein the initiator packet further
comprises a user identification responder.

14. (Original): The system of claim 11, wherein the User Mode negotiation
further comprises a responder packet including at least one of a user identification
responder, a security association attribute, and a nonce responder.

15. (Original): The system of claim 11, wherein the User Mode enables a plurality
of authentication packets to be sent to authenticate among users.




PAGE 3/10 * RCVD AT 6/30/2004 4:50:20 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-1/4 * DNIS:8729306 * CSID:216 696 8731 * DURATION (mm-ss):03-04






16. (Currently amended): A system of establishing a secure link between a
first machine and multiple services on a second machine, comprising:

a subsystem to filter traffic so that traffic from each service is separate, the
subsystem comprising a policy module and an Internet Key Exchange (IKE)
module adapted to provide User Mode negotiations in order to establish a secure
link among users;

wherein the subsystem generates and associates a Security Association 
(SA) with at least one filter corresponding to the user and the service and employs 
the SA to establish the secure link. 

17. (Original): The system of claim 16, wherein the subsystem further comprises 
an Internet Key Exchange module and a policy module to generate and associate the 
security association. 

18. (Original): The system of claim 17, wherein the policy module is configured
via Internet Protocol Security (IPSEC).

19. (Original): The system of claim 18, wherein filters are provided from the
policy module in order to filter traffic associated with the first machine and the second
machine.

20. (Original): The system of claim 19, wherein the first machine filter is
associated with a communications port on the first machine.

21. (Original): The system of claim 20, wherein the second machine determines
filters dynamically to communicate with the filters associated with the first machine.

22. (Currently amended): The system of claim 1 [[4]], wherein the IKE 
module is adapted to provide User Mode negotiations in order to establish a secure link 
between the services.

23. (Original): The system of claim 22, wherein the User Mode negotiation
further comprises an initiator packet including at least one of a user identification 
initiator, a security association attribute, a nonce initiator, a proxy source, and a proxy 
destination. 

24. (Original): The system of claim 23, wherein multiple services are 
authenticated on the second machine by utilizing a policy look-up associated with service 
information relating to the initiator packet. 

25. (Original): The system of claim 24, wherein if a multiple service 
authentication fails, the second machine initiates a User Mode negotiation. 

26. (Currently amended): A method of establishing a secure link among 
multiple users on a single machine with a remote machine, comprising the steps of: 

filtering traffic so that traffic from each user is separate; 

utilizing an Internet Key Exchange (IKE) module and a policy module, the 
IKE module providing User Mode negotiations to establish a secure link among
users; 

negotiating and authenticating a Security Association (SA) with at least 
one filter corresponding to the user and the traffic; and 
employing the SA to establish the secure link.

27. (Currently amended): A method of establishing a secure link between a 
first machine and multiple services on a second machine, comprising the steps of: 

filtering traffic so that traffic from each service is separate; 

employing a policy module and an Internet Key Exchange (IKE) module 
to provide User Mode negotiations to establish a secure link among users;

negotiating and authenticating a Security Association (SA) with at least 
one filter corresponding to the services and the traffic; and 

employing the SA to establish the secure link.

28. (Currently amended): A system for establishing a secure link among
multiple users on a single machine with a remote machine, comprising: 

means for filtering traffic so that traffic from each user is separate; 

means for utilizing a policy module and an Internet Key Exchange (IKE) 
module adapted to provide User Mode negotiations in establishing a secure link 
among users;

means for negotiating and authenticating a Security Association (SA) with 
at least one filter corresponding to the user and the traffic; and 
means for employing the SA to establish the secure link. 

29. (Currently amended): A system of establishing a secure link between a
first machine and multiple services on a second machine, comprising: 

means for filtering traffic so that traffic from each service is separate; 

means for employing a policy module and an Internet Key Exchange 
(IKE) module to provide User Mode negotiations to establish a secure link among 
users;

means for negotiating and authenticating a Security Association (SA) with 
at least one filter corresponding to the services and the traffic; and 
means for employing the SA to establish the secure link. 






30. (Currently amended): A computer readable medium having stored thereon 
computer executable components, comprising: 

a component to filter traffic between a first machine, having multiple 
users, and a second machine so that traffic for the first machine is separated in 
accordance with the respective users; and 

a component to generate and associate a Security Association (SA) with at 
least one filter, corresponding to at least one of the users and the respective traffic, 
and employs the SA to establish a secure link between the first and second 
machines, the component employing a policy module and an Internet Key 
Exchange (IKE) module adapted to provide User Mode negotiations in order to 
establish a secure link among users.

31. (Currently amended): A data packet adapted to be transmitted between at
least two processes, comprising: 

a first component to filter traffic between a first process, associated with 
multiple users, and a second process so that traffic for the first process is 
separated in accordance with the respective users; and 

a second component to generate and associate a Security Association (SA)
with at least one filter, corresponding to at least one of the users and the
respective traffic, and employs the SA to establish a secure link between the first
and second processes, the second component utilizing a policy module and an
Internet Key Exchange (IKE) module adapted to provide User Mode negotiations
in order to establish a secure link among users.

32. (Currently amended): A computer readable medium having stored thereon
computer executable components, comprising: 

a component to filter traffic between a first machine, having multiple 
services, and a second machine so that traffic for the first machine is separated in 
accordance with the respective services; and 

a component to generate and associate a Security Association (SA) with at 
least one filter, corresponding to at least one of the services and the respective 
traffic, and employs the SA to establish a secure link between the first and second 
machines, the component further comprising a policy module and an Internet Key
Exchange (IKE) module adapted to provide User Mode negotiations in order to
establish a secure link among users.

33. (Currently amended): A data packet adapted to be transmitted between at 
least two processes, comprising: 

a first component to filter traffic between a first process, associated with 
multiple services, and a second process so that traffic for the first process is 
separated in accordance with the respective services; and 

a second component to generate and associate a Security Association (SA) 
with at least one filter, corresponding to at least one of the services and the 
respective traffic, and employs the SA to establish a secure link between the first 
and second processes, the second component including a policy module and an
Internet Key Exchange (IKE) module adapted to provide User Mode negotiations
in order to establish a secure link among users.

34. (Original): The data packet of claim 33, wherein at least one of the processes is 
executed by a distributed processing system. 